Bad Ads Outstrip Porn as Mobile Phone Infection Vectors

Mobile ads increasingly are being used as part of many social engineering attacks. "Malvertising is a very effective way to infect unsuspecting users with malware, because it can exploit browser vulnerabilities both known and unknown," said Dana Tamir, director of enterprise security at Trusteer. One way to foil malvertisers is with an ad blocker, though it's a partial solution at best.

By John P. Mello Jr.
03/11/14 7:20 AM PT

Trawling porn sites used to be the best way to pick up an electronically transmitted disease on your smartphone. That's not the case anymore.

One in every five times a mobile user is redirected to a malware site on the Internet, it's done through a malicious ad, according to a report released last week by Blue Coat. That's three times what it was two years ago.

One reason malicious ads have been able to outperform porn sites is they can garner more traffic than the smut peddlers.

"We're seeing a shift in mobile user behavior," said Sasi Murthy, vice president of product marketing security at Blue Coat.

"We're seeing an increase in recreational usage for mobile users around shopping and entertainment," she told TechNewsWorld. "When we contrast that with the desktop world, recreational usage for mobile users is double."

"Our friends in the cybercrime world are going to be focused on the same kinds of behaviors we are -- but for different purposes -- and set their strategies based on those behaviors," she continued. "So it makes perfect sense from a cybercrime strategy to start to use a vector like malvertising."

Surf Cautiously

Increasingly, mobile users are being subjected to more ads -- even more so than PC users -- as sites everywhere continue to refine their mobile advertisement strategies, the report notes. "This is a particularly worrying trend as it coincides with a significant increase in malvertising."

While mobile users are not yet subject to the same drive-by downloads that PC users face, the report acknowledges, mobile ads increasingly are being used as part of many social engineering attacks.

Making matters worse, the increased frequency of mobile ads conditions users to see them as normal, which makes users more vulnerable to the attacks that are launched through ads, it points out.

"Malvertising is a very effective way to infect unsuspecting users with malware, because it can exploit browser vulnerabilities both known and unknown," Dana Tamir, director of enterprise security at Trusteer, told TechNewsWorld.

One way to foil malvertisers is with an ad blocker, although ad blockers have been known to prevent some Web pages from executing properly.

"Ad blockers can lessen the chance of infection a ton," Gary McGraw, CTO of Cigital, told TechNewsWorld, "but it's not going to solve the problem."

"The real answer," he said, is "you shouldn't surf around randomly with a machine that has content on it you care about."

Sky Not Falling

The clock is ticking for Windows XP users: Microsoft is cutting off support to the operating system on April 8. That means no more security updates, but it doesn't mean the end of the world for XP hangers-on.

"The sky isn't going to fall -- at least not right away," Sean Sullivan, a security researcher with F-Secure Labs, told TechNewsWorld.

The big problem with Windows XP, which is running on around 20 percent of the PCs in the developed world, is that if it gets infected, it's difficult to disinfect, because the OS contains fewer technologies that make life difficult for malware compared to later versions of Windows.

"Once an XP machine is infected with malware, it can really get rooted in," Sullivan explained. "That's been the problem in the past and it will be the problem post-April 8."

Nevertheless, some Cassandras have been predicting an Xpocalypse after the cutoff date. They believe hackers are sitting on their choicest XP exploits and will unleash them when they know Microsoft won't be coming to the rescue of the users of the orphaned OS.

"I'm skeptical of that," Sullivan said. "Most of the vulnerabilities have already been traded in the market. I don't think there's anything that's going to be sprung on consumers."

That doesn't mean there won't be any new XP issues.

"If something wormable is released in May, then we're going to have a real problem," Sullivan said.

Data Breach Diary

March 3. Twitter resets passwords of less than 1 percent of its users due to a system error.

March 3. Sands Casino location in Bethlehem, Pa., notifies tens of thousands of slot and table game players registered with the gambling facility that their Social Security and driver's license numbers, and possibly credit card and banking info, may have been exposed during a data breach in February.

March 3. eSecurity Planet reports L.A. Care Health Plan is informing an undisclosed number of customers that their personal information may have been compromised by a manual information processing error that allowed some members of the plan to see payment of other members at the plan's website.

March 4. AppRiver releases survey results showing that 71.4 percent of security professionals believe that the most frequent point of failure for IT security is people.

March 5. Federal prosecutors drop most charges against Barrett Brown, a self-proclaimed spokesperson for the hacker collective Anonymous. Brown still faces charges of possession of stolen credit card numbers with intent to defraud and threatening an FBI agent.

March 5. Target Chief Information Officer Beth Jacob resigns. During her time on the job, Target suffered one of the largest data breaches in the history of networked computing, with 40 million payment card numbers compromised and 70 million customer records stolen.

March 5. SailPoint releases survey results showing that 82 percent of companies have embraced BYOD, but 41 percent of those companies do not have controls in place to manage those devices. Forty-six percent of companies are unable to manage employee access to applications across their full IT infrastructure, based on the poll.

March 6. Comics fan site Comixology resets all its members' passwords after a data breach compromises a database containing user names, email addresses and encrypted passwords.

March 6. Lookout discovers app in Google Play Store containing Dendroid, a Remote Access Toolkit for Android devices. The malware can take pictures using a phone's camera, record audio and video, download existing pictures, record calls, send texts and more. Although the app evaded Google's initial detection systems, it subsequently was removed from Google Play by Google.

March 7. Electronic Privacy Information Center and the Center for Digital Democracy file objection with Federal Trade Commission to Facebook purchasing WhatsApp for US$19 billion because it will violate WhatsApp users' understanding of their exposure to online advertising and constitutes an unfair and deceptive trade practice.

March 25. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.

April 8. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.

April 29. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.

May 20. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.

June 3. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.

June 24. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.